Inserting control sequences (for example, TAB, 0x09) into input may allow XSS attacks that bypass the existing filter mechanisms.
In Web Dynpro for ABAP, this can be used, for example through the standard element “sap-ep-themeroot”, to include external JS code.
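An added example, not SAP's fix and not code from the advisory: an input check that rejects control characters in a theme-root value before any URL or allowlist decision is made. The allowlist, host names, paths and function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: hosts allowed to serve theme resources (hypothetical allowlist).
ALLOWED_THEME_HOSTS = {"portal.example.com"}

# C0 controls (TAB 0x09, LF, CR, ...), DEL and C1 controls.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def find_control_chars(value):
    """Return control code points in the raw value or after one percent-decode."""
    found = set()
    for candidate in (value, unquote(value)):
        found.update(ord(c) for c in _CONTROL.findall(candidate))
    return sorted(found)


def validate_themeroot(value, allowed_hosts=ALLOWED_THEME_HOSTS):
    """Return (ok, reason) for a theme-root value such as sap-ep-themeroot."""
    controls = find_control_chars(value)
    if controls:
        # Reject rather than strip: browsers drop ASCII tab and newline while
        # parsing URLs, so a filter and the browser can see different strings.
        return False, "control characters: " + ", ".join(f"0x{c:02x}" for c in controls)
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False, "unparseable URL"
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a server-local absolute path.
        local = value.startswith("/") and not value.startswith("//") and "\\" not in value
        return (True, "local path") if local else (False, "not a server-local path")
    if parts.scheme.lower() != "https":
        return False, "scheme not allowed"
    if host not in allowed_hosts:
        return False, "host not allowed"
    return True, "allowlisted host"


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    for sample in ("/themes/custom",
                   "https://portal.example.com/themes/custom",
                   "https://other.example.net/themes/custom",
                   "https://portal.example.com/themes\t/custom",
                   "/themes%09/custom"):
        print(repr(sample), validate_themeroot(sample))
```

The check performs a single percent-decoding pass; a deployment that decodes more than once before use needs the check repeated after each decode.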
Available fix and Supported packages
- SAP_BASIS | 700 | 701
- SAP_BASIS | 710 | 711
Security – Read KBA 2985997 for subcomponents